How to Build a Twitter Direct Messages Spam Filter in PHP

After my completely ironic article on “How to Become a Social Media Guru“, I thought it was best to come back down to earth with something practical! This article is an antidote to Step 2- Automated Direct Messages!

Do you ever get frustrated with the amount of Twitter direct message spam you get? It has been a constant issue for me. I was getting so many spammy direct messages each day that I was missing legitimate ones! You know the kind of ones I am talking about don’t you?…

“check for fake followers, and more…”

“funny picture of you…”

“Get a chance to win…”

“Help Yourself To This 100% Proven $30k Per Month…”

“Hey someperson has been saying…”

“join and follow me…”

“please like my facebook page…”

“rumour going around about you…”

“somebody is saying horrible things about you..”.

“Thank you for following,”

“Thanks 4 following,”

“X uses TrueTwit validation service…”

Need I get on? You get the picture!

Whilst I was building my first Twitter app, Twools, I suddenly realised that I could potentially write a simple app which could scan my direct messages for spammy phrases and delete them. I could then run this on a schedule (say every 30 mins) and I would no longer be drowning in spam!

Well, I have to say, since implementing this, I have radically reduced the amount of spam I have received and I never lose important direct messages any more.

But why keep this to myself? We’re all in this together after all. In this post I show you how you can build the same spam filter. This spam filter is built into Twools, but if you need something standalone then this is your app! This article might look a little technical, particularly if PHP code scares you. But please don’t be frightened- I still hope you’ll be able to take something from this article, and if this is something you’d like to use yourself, you can always use Twools.

Opt Out

But before I do, there are some quick and easy things you can do to reduce the amount of direct message spam you get. You can’t guard against DM viruses like the “somebody is saying horrible things about you” phishing attacks, but you can opt out of receiving automatic direct messages from services like SocialOomph. Since SocialOomph is one of the most popular auto DM tools out there, you’ll be cutting down on a lot of spam. Social Oomph go through the process step by step here.

Unfortunately there are many other services that people use to send automated direct messages like AutoFollowBack (now FollowerBlitz). Whilst some say they are building opt out services, there is still no way to stop receiving the spam.

Then there is the dreaded TrueTwit validation service. TrueTwit is a tool some people use that sends out a direct message to new followers. The direct message contains a link which is designed to check whether you are a human or not and so supposedly reduce the amount of bot or spammy followers. The problem is that TrueTwit effectively turns all its users into spam bots by forcing them to send out useless direct messages. The only way to opt out of receiving TrueTwit direct messages is by signing up to their Pro account. It doesn’t seem right, but I was desperate. I can confirm that I am a signed up user of TrueTwit Pro- although not to use their service as intended!

What You Need

As with Twools, I am using the server side language PHP. You don’t need to know PHP to run this script, but you do need a website or server that has PHP. You’ll also need to know how to upload the script- probably using an FTP programme.

Register Your App

Firstly you will need to register your app with Twitter. The only person who will be using it will be you and the app’s details will be stored in the script. Follow the steps in my How to Create a Twitter App in 8 Easy Steps and you’ll end up with these 4 keys:

Download the App

I’ve put the spam filter on github. You can have a look around here, or just download as a zip file here. There are two main files, the first is called TwitterAPIExchange.php. You won’t need to touch this. This is the magic PHP wrapper which helps us connect to Twitter’s API. The other file is called cleandm.php and is our little script that does the spam filtering. Open that up in your favourite text editor. Don’t worry if you aren’t used to this kind of thing it’s quite easy.

Add Your Details

At the top of the cleandm.php file you’ll see quite a few phrases that I have put in an array called $spamFilter. You can change some of these, delete some and add more. Just make sure you put them in double quotes and that you put a comma at the end.

// An Array of phrases for spam filter to delete direct messages
$spamFilter = array(
"Brilliant ✓ Come here first ➜",
"but checkout my videos:)",
"check for fake followers, and more",
"funny picture of you",
"Get a chance to win",
"Help Yourself To This 100% Proven $30k Per Month",
"Hey someperson has been saying",
"I started using this new app for my Twitter",
"join and follow me",
"like us on facebook",
"please like my facebook page",
"please like my FB page",
"rumour going around about you",
"somebody is saying horrible things about you",
"Someone is making up a horrible",
"Thank you for following",
"Thank you for the follow",
"Thanks 4 following",
"Thanks 4 the follow",
"Thanks again for the follow",
"Thanks for connecting",
"Thanks for following",
"Thanks for the follow",
"Thanks for the the follow",
"Thanks so much for following",
"Thanks so much for the follow",
"Thx 4 the follow",
"Thx for follow",
"uses TrueTwit validation service",
"Welcome #my Friend#",
"You can auto follow back",
"You;ve GOTTA See this!"
);

Once you’ve done this, you need to put your four keys that you saved from your Twitter app:

Now, you’ll need to upload both these files to a directory on your website. For example /spamfilter/. Just run the script from your browser and the spam filter will do its trick.

Warning!

Of course, this script is very rough and ready and I don’t recommend running it exactly like this, at least not without knowing the risks.

Firstly, this script WILL DELETE YOUR DIRECT MESSAGES! I know that’s obvious, but make sure you are comfortable with this script deleting messages based on the keywords and phrases in the spamFilter array!

Secondly. the script contains your app’s keys in the clear. If a hacker were to get hold of these they could get access to your Twitter account. With this in mind, I would recommend that you put the script out of your public web directory. You could then run it on a schedule every 30 minutes or so. If you are interested, let me know in the comments and I’ll try and help you out here.

Thirdly, this script is put out here just as it is. It’s a simple yet rough and ready script that works for me. Only use if you are happy to accept the risks!

These points being made, I really hope it helps and that you end up being spam free!

Ian is a Confident Live Marketing Coach and founder of Seriously Social. He’s an international speaker, trainer, teacher, web developer and consultant. He has a passion for making the techno-babble of live video and social media marketing easy to understand. Ian is co-founder of Select Performers – a family run web agency. As well as being a geek, husband, and dad to two kids, Ian is also a professional singer and lives near Manchester in the UK. Find out more

You can flag a comment by clicking its flag icon. Website admin will know that you reported it. Admins may or may not choose to remove the comment or block the author. And please don't worry, your report will be anonymous.

I was able to opt out of TrueTwit easily by logging in to my account. Not sure why you suggested going to premium.

You can flag a comment by clicking its flag icon. Website admin will know that you reported it. Admins may or may not choose to remove the comment or block the author. And please don't worry, your report will be anonymous.

You can flag a comment by clicking its flag icon. Website admin will know that you reported it. Admins may or may not choose to remove the comment or block the author. And please don't worry, your report will be anonymous.

Hi Brent. Sorry you have had issues with this. I had issues with this a while back, but I hoped it had been fixed with Twitter. I changed to a different Twitter library that seemed to fix the issue I had. Would you be happy to test the script that I use and see if it works for you? That would actually be very helpful. If you could contact me through my contact form I’ll email you the script over.

You can flag a comment by clicking its flag icon. Website admin will know that you reported it. Admins may or may not choose to remove the comment or block the author. And please don't worry, your report will be anonymous.

Hello Ian. I am having the same exact problem as Brent Dunn regarding your Twitter DM Spam Filter script. I stuck the two scripts on my web server, and then accessed it via my web browser. As Brent noted, when I run the script, all I get is “Deleting Spam… No spam in direct messages found.” even though I have hundreds of messages from TrueTwit which I want to delete going back six years. Even if I remove all filters from the list in the script, and just leave the ones that actually pertain to TrueTwit, nothing is being deleted.… Read more »

You can flag a comment by clicking its flag icon. Website admin will know that you reported it. Admins may or may not choose to remove the comment or block the author. And please don't worry, your report will be anonymous.

Hi Bill. It sounds like something else is going wrong, such as having wrong API AOUTH values. The above script doesn’t have any error checking, but if you add the following line to line 76 (just before the echo of Deleting Spam):

Connect with me

Additional Resources

About Ian

Ian is the founder of the Confident Live Marketing Academy and helps entrepreneurs to level up their impact, authority and profits by using live video confidently. Seriously Social is a blog focussed on live video and social media tools. He’s an international speaker, trainer, teacher and consultant.